Author: David Kennedy

– JOIN TRUSTEDSEC and MARSH ON September 12th, 2018 AT 2:00 PM EDT – The automotive industry is experiencing a level of change and innovation not seen since the introduction of the passenger car. While this sector has traditionally been dominated by original equipment manufacturers (OEMs) and their suppliers, today it welcomes a host of…

Matt Nelson (@engima0x3) from SpecterOps recently released a blog post on leveraging a newly discovered filetype extension with the possibility of command execution. This was a fantastic blog, and as attackers, we typically try to find multiple ways to execute code from different delivery systems. This blog is leveraging the awesome research from Matt and…

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Dave Kennedy, Ben Tenjamin, Geoff Walton, Chris Prewitt, Justin Bollinger

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Dave Kennedy, Scott White, Geoff Walton, Costa Petros, and Alex Hamerstone.

UPDATE: When posting this blog, we had not done the most recent patches for patch Tuesday (in March). This SMB flaw apparently was fixed on Tuesday with MS17-010. When we did our testing, we were out of the patch cycle for March. Clarified the blog post with the update and link to Microsoft below. Link…

When I started TrustedSec over five years ago, I had a dream to start a company that makes the security industry better. A company that brings in top talent and amazing people that I call friends. A place where we always work with the mindset of “always doing the right thing” for our people and…

Office 365 has an assortment of capabilities allowing both small to extremely large businesses to move their infrastructure and services to the cloud. In 2015, Microsoft introduced their “Advanced Threat Protection” functionality and has since been bolstered in 2016 and 2017 as a direct way to protect against advanced attacks. If you look at Microsoft’s…

PowerShell continues to be one of the hot topics for security conferences and something that is actively being used both for offense and for defense. Defenders are getting smarter when it comes to detecting potentially malicious uses of PowerShell through a number of methods. There’s a number of methods that are used for legitimate and…